package com.security.security;


import com.security.dto.SysUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

/**
 * @author 顾志杰
 * @date 2020/7/21-11:02
 */
@Component("rbacService")
public class RBACService {

    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * 判断资源权限
     */
    public boolean hasPermssion(HttpServletRequest request, Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof SysUser) {
            Collection<? extends GrantedAuthority> authorities = ((SysUser) principal).getAuthorities();
            return authorities.stream().anyMatch(url -> antPathMatcher.match(url.toString(), request.getRequestURI()));
        }
        return false;
    }
}
